[PHP] Re: Directory permissions question

[Nathan Rixham]

Al wrote:
 I'm working on a hosted website that was hacked and found something I
 don't fully understand. Thought someone here may know the answer.
 
 The site has 4 php malicious files in directories owned by system [php
 created dirs on the site are named nobody] and permissions 755.
 
 Is there any way the files could have been written other than by ftp
 access or at the host root level? Clearly a php script couldn't.
 
 Thanks, Al..

it doesn't matter what the language of the script that did this is, it's
all about the permissions of the process that's running the script

it's the difference between you running a script as www-data and running
it via the shell as root.

SUExec might be at play, some other process, some user with ssh access,
some back door, consider the permissions and owner of the directory
containing the files, if it's nobody then anybody could have written to it.

All in, ask the ISP to check logs and history, ensure all your
permissions on directories are tight, and that you don't have any
scripts on there that can be abused and that they are safe - then
you're clear :)

Best,

Nathan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] A directory permissions question

[Al]

I'm on virtual-host server and have been following a rule of making certain all directories on the 
root have permissions set to 755.  This is the default when creating new directories with ftp, etc.


Occasionally, I need directories with 757 and have always made certain they 
were not on the root.

I've started thinking about whether my rule really makes any sense for security 
reasons.

In general, the site is well protected by the host's security measures and my use of the Apache 
basic authorization where needed, etc.


Comments and suggestions???

Thanks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php